Re: [squid-users] squid_ldap_group with users in several OUs

Kelly_Connor@gilbert.k12.az.us wrote:
>
>
>
> Hi oliver-
>
> Try adjusting your squid_ldap_group query just after "-b
> cn=Users,dc=domain,dc=local" to include "-s sub" to search all
> subcontainers.

According to the man page, the search scope defaults to sub. I don't
believe it is a search scope problem anyway, perhaps a problem of
assembling the user DN from the base DN and username.

> Let me fire a question at you-
>
> I am trying to use squid_ldap_group to query Novell eDirectory via LDAP for
> multiple group memberships.
>
> I am fuzzy on how the search filter is used, and I see in your filter that
> you use variables other than "%s" that was referred to in some material I
> read.
>
> What is "%g", and what is "%u"? What is the difference between little f
> and big F in your search filter? I can find no documentation on big F.
>
> I think this is the key I need to understand squid_ldap_group

The -b and -f parameters specify the base DN and search filter for the
groups while the -B and -F parameters specify the base DN and search
filter for the users. %u is the username (or user DN if -F or -u is
specified), %g is the group name, %s is the username. This is all in the
man page for squid_ldap_group by the way.

I can get it all working if the users and groups are actually in the
base DN container that I specify. However if they are somewhere higher
in the tree it won't work.

Regards,
Oliver

This communication is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking any action in reliance on, this communication by persons or entities other than the intended recipient is prohibited. Exhibition IT Services Pty LTD makes no express or implied representation or warranty that this electronic communication or any attachment is free from computer viruses or other defects or conditions which could damage or interfere with the recipients data, hardware or software. This communication and any attachment may have been modified or otherwise interfered with in the course of transmission.
Received on Thu Dec 02 2004 - 17:19:08 MST